<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ (c) 2018 Open Source Geospatial Foundation - all rights reserved
  ~ This code is licensed under the GPL 2.0 license, available at the root
  ~ application directory.
  ~
  -->
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:sec="http://www.springframework.org/schema/security" xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
          http://www.springframework.org/schema/context
          http://www.springframework.org/schema/context/spring-context-3.0.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.0.4.xsd
          http://www.springframework.org/schema/security/oauth2
          http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd">

	<bean id="openIdConnectCoreExtension" class="org.geoserver.platform.ModuleStatusImpl">
		<constructor-arg index="0" value="gs-sec-oauth2-openid-connect-core" />
		<constructor-arg index="1" value="GeoServer Security OpenId Connect Core" />
	</bean>

	<!-- OAuth2 Security Extension -->
	<bean id="openIdConnectTokenServices"
		class="org.geoserver.security.oauth2.services.OpenIdConnectTokenServices">
	</bean>

	<bean id="openIdConnectBearerTokenValidator" class="org.geoserver.security.oauth2.bearer.MultiTokenValidator">
		<constructor-arg>
			<list>
				<bean class="org.geoserver.security.oauth2.bearer.AudienceAccessTokenValidator"/>
				<bean class="org.geoserver.security.oauth2.bearer.SubjectTokenValidator"/>
			</list>
		</constructor-arg>
	</bean>

	<bean id="openidConnectAuthenticationProvider"
		class="org.geoserver.security.oauth2.OpenIdConnectAuthenticationProvider">
		<constructor-arg ref="authenticationManager" />
		<constructor-arg value="openIdConnectTokenServices" />
		<constructor-arg value="openIdConnectSecurityConfiguration" />
		<constructor-arg value="openIdConnectRestTemplate" />
		<constructor-arg value="openIdConnectBearerTokenValidator" />
	</bean>

</beans>
